From 46581d588625fe67e61ae25d073ea712df325566 Mon Sep 17 00:00:00 2001 From: Irvine Fleith Date: Tue, 26 Nov 2024 09:42:32 +0100 Subject: [PATCH 01/18] FIX : Hidden dropdown download link in project --- htdocs/projet/element.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/projet/element.php b/htdocs/projet/element.php index f91fefb9f27..59b35e98599 100644 --- a/htdocs/projet/element.php +++ b/htdocs/projet/element.php @@ -1288,7 +1288,7 @@ foreach ($listofreferent as $key => $value) { print "\n"; // Ref - print ''; + print ''; if ($tablename == 'expensereport_det') { print $expensereport->getNomUrl(1); } else { From caabaabb54691d56273733999cbd1d8425b9d510 Mon Sep 17 00:00:00 2001 From: Irvine Fleith Date: Thu, 28 Nov 2024 13:59:07 +0100 Subject: [PATCH 02/18] Added table for handling tdoverflowmax --- htdocs/projet/element.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/htdocs/projet/element.php b/htdocs/projet/element.php index 59b35e98599..1013d1f7398 100644 --- a/htdocs/projet/element.php +++ b/htdocs/projet/element.php @@ -1292,6 +1292,7 @@ foreach ($listofreferent as $key => $value) { if ($tablename == 'expensereport_det') { print $expensereport->getNomUrl(1); } else { + print ''; + + print '
'; // Show ref with link if ($element instanceof Task) { print $element->getNomUrl(1, 'withproject', 'time'); @@ -1327,6 +1328,10 @@ foreach ($listofreferent as $key => $value) { } print ''; + print ''; + // Show supplier ref if (!empty($element->ref_supplier)) { print ' - '.$element->ref_supplier; @@ -1339,6 +1344,8 @@ foreach ($listofreferent as $key => $value) { if (empty($element->ref_customer) && !empty($element->ref_client)) { print ' - '.$element->ref_client; } + + print '
'; } print "\n"; // Product and qty on stock movement From d321f4cc7d0264ffebe3a760373d036a0cffcbc8 Mon Sep 17 00:00:00 2001 From: Codered741 Date: Thu, 19 Dec 2024 12:22:58 -0500 Subject: [PATCH 03/18] response to issue #32292 --- htdocs/product/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 0f7d57db40c..5922e0f18d1 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -119,7 +119,7 @@ $search_accountancy_code_buy_intra = GETPOST("search_accountancy_code_buy_intra" $search_accountancy_code_buy_export = GETPOST("search_accountancy_code_buy_export", 'alpha'); $search_import_key = GETPOST("search_import_key", 'alpha'); $search_finished = GETPOST("search_finished"); -$search_units = GETPOST('search_units', 'alpha'); +$search_units = GETPOST('search_units', 'int'); $type = GETPOST("type", 'alpha'); // Show/hide child product variants From 62bd14a68d7bd5082f8374c5e8f26fae658384fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 19 Dec 2024 18:54:51 +0100 Subject: [PATCH 04/18] fix ci branch 20.0 --- .pre-commit-config.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 16b24c1eeb6..6c5643e6e78 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -24,7 +24,6 @@ repos: exclude: | (?x)^(htdocs/includes/.*)$ # This checks that yaml files are correct - args: [--branch, develop, --pattern, \d+.0$] - id: check-yaml args: [--unsafe] # This checks that json files are correct From 840166462e5db4a4da813ee51015578b66ffdc7b Mon Sep 17 00:00:00 2001 From: "Laurent Destailleur (aka Eldy)" Date: Thu, 19 Dec 2024 19:40:03 +0100 Subject: [PATCH 05/18] Revert --- htdocs/document.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/document.php b/htdocs/document.php index c870c1cca1e..f0e60549d1c 100644 --- a/htdocs/document.php +++ b/htdocs/document.php 
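Review bot: `GETPOST('search_units', 'int')` is the only validation of this filter visible in the hunk, and as far as I know it still hands back a string rather than an integer. Where `$search_units` reaches the list query (outside this hunk) it should still be cast, e.g. `((int) $search_units)`, instead of relying on the input filter alone. If keeping `GETPOST(..., 'int')` rather than `GETPOSTINT()` is deliberate so that an unset filter stays `''`, a short comment such as `// 'int' keeps '' for "no unit filter"; GETPOSTINT() would turn it into 0` would record that.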
@@ -103,7 +103,7 @@ $original_file = GETPOST('file', 'alphanohtml'); $hashp = GETPOST('hashp', 'aZ09'); $modulepart = GETPOST('modulepart', 'alpha'); $urlsource = GETPOST('urlsource', 'alpha'); -$entity = GETPOSTINT('entity') ? GETPOSTINT('entity') : $conf->entity; +$entity = GETPOSTINT('entity'); // Security check if (empty($modulepart) && empty($hashp)) { From a6de5d6d5c2d30725a0db39f313bb75213bbd526 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Fri, 20 Dec 2024 12:14:09 +0100 Subject: [PATCH 06/18] fix phpstan --- build/phpstan/phpstan-baseline.neon | 12 ------------ htdocs/core/tpl/objectline_view.tpl.php | 2 ++ 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/build/phpstan/phpstan-baseline.neon b/build/phpstan/phpstan-baseline.neon index 1c7672653e5..823aa736e05 100644 --- a/build/phpstan/phpstan-baseline.neon +++ b/build/phpstan/phpstan-baseline.neon @@ -16908,18 +16908,6 @@ parameters: count: 1 path: ../../htdocs/core/tpl/objectline_view.tpl.php - - - message: '#^Variable \$action might not be defined\.$#' - identifier: variable.undefined - count: 2 - path: ../../htdocs/core/tpl/objectline_view.tpl.php - - - - message: '#^Variable \$i might not be defined\.$#' - identifier: variable.undefined - count: 5 - path: ../../htdocs/core/tpl/objectline_view.tpl.php - - message: '#^Variable \$objp might not be defined\.$#' identifier: variable.undefined diff --git a/htdocs/core/tpl/objectline_view.tpl.php b/htdocs/core/tpl/objectline_view.tpl.php index 9e34f4ba39f..93bc95c0a12 100644 --- a/htdocs/core/tpl/objectline_view.tpl.php +++ b/htdocs/core/tpl/objectline_view.tpl.php @@ -52,6 +52,8 @@ * @var Translate $langs * @var User $user * + * @var string $action + * @var int $i * @var 0|1 $forceall * @var int $num * @var 0|1 $senderissupplier From 57cc09db4878375ca49a9b6e9b990068b79c6e07 Mon Sep 17 00:00:00 2001 
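Review bot: After this revert `$entity` is 0 whenever the request carries no `entity` parameter, and nothing in the hunk restores `$conf->entity` before the value is used. The code that consumes `$entity` lies outside the hunk, so it should be confirmed that the document access check treats 0 as "current entity" and never as "any entity"; in a multi-entity setup that distinction decides whether a file belonging to another entity can be served. The commit message is only "Revert", so a comment on the line would help, for example `// No fallback to $conf->entity here: 0 means "not provided" and is resolved by the access check below`, adjusted to what the downstream code really does.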
From: Gouttfi Date: Fri, 20 Dec 2024 13:04:06 +0100 Subject: [PATCH 07/18] FIX : chore doc : update wrong URL for DCO --- .github/CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index d898628013e..a992c0a13f6 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -36,7 +36,7 @@ Definition: As the Developer: -1. Check you agree with the terms of the [DCO - Developer's Certificate of Origin](https://github.com/Dolibarr/dolibarr/DCO) +1. Check you agree with the terms of the [DCO - Developer's Certificate of Origin](https://github.com/Dolibarr/dolibarr/blob/develop/DCO) 2. [Fork](https://help.github.com/articles/fork-a-repo) the [GitHub repository](https://github.com/Dolibarr/dolibarr). 3. Clone your fork. 4. Choose a branch(See the [Branches](#branches) section below). From 4f439bd7355dc5c8a65af93dca1e9604d8ea1ff3 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Sat, 21 Dec 2024 07:09:14 +0100 Subject: [PATCH 08/18] FIX #32408 Dict - module Event organisation is stable now --- htdocs/admin/dict.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index d40c143e0ed..d5492e16956 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -8,7 +8,7 @@ * Copyright (C) 2011 Remy Younes * Copyright (C) 2012-2015 Marcos García * Copyright (C) 2012 Christophe Battarel - * Copyright (C) 2011-2023 Alexandre Spangaro + * Copyright (C) 2011-2024 Alexandre Spangaro * Copyright (C) 2015 Ferran Marcet * Copyright (C) 2016 Raphaël Doursenaud * Copyright (C) 2019-2022 Frédéric France 
@@ -711,10 +711,8 @@ if ($id == DICT_TYPE_CONTACT) { 'supplier_proposal' => img_picto('', 'supplier_proposal', 'class="pictofixedwidth"').$langs->trans('SupplierProposal'), 'order_supplier' => img_picto('', 'supplier_order', 'class="pictofixedwidth"').$langs->trans('SupplierOrder'), 'invoice_supplier' => img_picto('', 'supplier_invoice', 'class="pictofixedwidth"').$langs->trans('SupplierBill'), + 'conferenceorbooth' => img_picto('', 'eventorganization', 'class="pictofixedwidth"').$langs->trans('ConferenceOrBooth'), ); - if (getDolGlobalString('MAIN_FEATURES_LEVEL') && getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) { - $elementList['conferenceorbooth'] = img_picto('', 'eventorganization', 'class="pictofixedwidth"').$langs->trans('ConferenceOrBooth'); - } complete_elementList_with_modules($elementList); From 76194aca11d0ebe552aae3281e4504a3f03eb7d6 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Sun, 22 Dec 2024 07:20:36 +0100 Subject: [PATCH 09/18] FIX GETPOST "$check" parameter can't be empty --- htdocs/adherents/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index a7942735250..ab5fe37bff3 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -1299,7 +1299,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // EMail print ''.(getDolGlobalString("ADHERENT_MAIL_REQUIRED") ? '' : '').$langs->trans("EMail").(getDolGlobalString("ADHERENT_MAIL_REQUIRED") ? '' : '').''; - print ''.img_picto('', 'object_email', 'class="pictofixedwidth"').'email).'">'; + print ''.img_picto('', 'object_email', 'class="pictofixedwidth"').'email).'">'; // Website print ''.$form->editfieldkey('Web', 'member_url', GETPOST('member_url', 'alpha'), $object, 0).''; From 0889a357abb2aa98b0c5fe9c62b72abde9399c11 Mon Sep 17 00:00:00 2001 
From: "Laurent Destailleur (aka Eldy)"
Date: Sun, 22 Dec 2024 21:44:09 +0100
Subject: [PATCH 10/18] Fix creation of database with pgsql
---
 .../install/pgsql/functions/functions-bom.sql | 23 +++++++++++++++++++
 .../install/pgsql/functions/functions-mo.sql | 23 +++++++++++++++++++
 htdocs/install/pgsql/functions/functions.sql | 8 -------
 3 files changed, 46 insertions(+), 8 deletions(-)
 create mode 100644 htdocs/install/pgsql/functions/functions-bom.sql
 create mode 100644 htdocs/install/pgsql/functions/functions-mo.sql
diff --git a/htdocs/install/pgsql/functions/functions-bom.sql b/htdocs/install/pgsql/functions/functions-bom.sql
new file mode 100644
index 00000000000..e31c64e170e
--- /dev/null
+++ b/htdocs/install/pgsql/functions/functions-bom.sql
@@ -0,0 +1,23 @@
+-- ============================================================================
+-- Copyright (C) 2024 Laurent Destailleur
+--
+-- This program is free software; you can redistribute it and/or modify
+-- it under the terms of the GNU General Public License as published by
+-- the Free Software Foundation; either version 3 of the License, or
+-- (at your option) any later version.
+--
+-- This program is distributed in the hope that it will be useful,
+-- but WITHOUT ANY WARRANTY; without even the implied warranty of
+-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+-- GNU General Public License for more details.
+--
+-- You should have received a copy of the GNU General Public License
+-- along with this program. If not, see .
+--
+-- ============================================================================
+
+
+CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_bom_bom FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
+CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_bom_bom_extrafields FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
+CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_bom_bomline FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
+CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_bom_bomline_extrafields FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
diff --git a/htdocs/install/pgsql/functions/functions-mo.sql b/htdocs/install/pgsql/functions/functions-mo.sql
new file mode 100644
index 00000000000..37b92ae5269
--- /dev/null
+++ b/htdocs/install/pgsql/functions/functions-mo.sql
@@ -0,0 +1,23 @@
+-- ============================================================================
+-- Copyright (C) 2024 Laurent Destailleur
+--
+-- This program is free software; you can redistribute it and/or modify
+-- it under the terms of the GNU General Public License as published by
+-- the Free Software Foundation; either version 3 of the License, or
+-- (at your option) any later version.
+--
+-- This program is distributed in the hope that it will be useful,
+-- but WITHOUT ANY WARRANTY; without even the implied warranty of
+-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+-- GNU General Public License for more details.
+--
+-- You should have received a copy of the GNU General Public License
+-- along with this program. If not, see .
+--
+-- ============================================================================
+
+
+CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_mrp_mo FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
+CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_mrp_mo_extrafields FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
+CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_mrp_production FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
+CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_mrp_production_extrafields FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
diff --git a/htdocs/install/pgsql/functions/functions.sql b/htdocs/install/pgsql/functions/functions.sql
index 1d3587c8e7c..5260a44a8c3 100644
--- a/htdocs/install/pgsql/functions/functions.sql
+++ b/htdocs/install/pgsql/functions/functions.sql
@@ -75,10 +75,6 @@ CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_bank_account FOR EAC
 CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_bank_account_extrafields FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
 CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_blockedlog FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
 CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_blockedlog_authority FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
-CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_bom_bom FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
-CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_bom_bom_extrafields FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
-CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_bom_bomline FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
-CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_bom_bomline_extrafields FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
 CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_bordereau_cheque FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
 CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_boxes_def FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
 CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_c_email_templates FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
@@ -127,10 +123,6 @@ CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_fichinterdet_extrafi
 CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_delivery FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
 CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_localtax FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
 CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_menu FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
-CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_mrp_mo FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
-CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_mrp_mo_extrafields FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
-CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_mrp_production FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
-CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_mrp_production_extrafields FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
 CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_notify FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
 CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_notify_def FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
 CREATE TRIGGER update_customer_modtime BEFORE UPDATE ON llx_paiement FOR EACH ROW EXECUTE PROCEDURE update_modified_column_tms();
From 40a36e8675fe84777ff40910990e248dbeb7ccd6 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Mon, 23 Dec 2024 06:21:26 +0100
Subject: [PATCH 11/18] FIX "location_incoterms" is a string
---
 htdocs/delivery/card.php | 2 +-
 htdocs/expedition/card.php | 2 +-
 htdocs/expedition/shipment.php | 2 +-
 htdocs/product/stock/stocktransfer/stocktransfer_card.php | 2 +-
 htdocs/reception/card.php | 2 +-
 htdocs/societe/card.php | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/htdocs/delivery/card.php b/htdocs/delivery/card.php index d8633ef6965..f9578c62e54 100644 --- a/htdocs/delivery/card.php +++ b/htdocs/delivery/card.php @@ -193,7 +193,7 @@ if ($action == 'setdate_delivery' && $permissiontoadd) { } } elseif ($action == 'set_incoterms' && isModEnabled('incoterm')) { // Set incoterm - $result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOSTINT('location_incoterms')); + $result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOST('location_incoterms')); } // Update extrafields diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index 6f5c3ed4777..0ddbb7c200d 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -183,7 +183,7 @@ if (empty($reshook)) { // Set incoterm if ($action == 'set_incoterms' && isModEnabled('incoterm')) { - $result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOSTINT('location_incoterms')); + $result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOST('location_incoterms')); } if ($action == 'setref_customer') { diff --git a/htdocs/expedition/shipment.php b/htdocs/expedition/shipment.php index b7bac99691d..5c1844fab73 100644 --- a/htdocs/expedition/shipment.php +++ b/htdocs/expedition/shipment.php @@ -158,7 +158,7 @@ if (empty($reshook)) { } } elseif ($action == 'set_incoterms' && isModEnabled('incoterm')) { // Set incoterm - $result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOSTINT('location_incoterms')); + $result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOST('location_incoterms')); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); } diff --git a/htdocs/product/stock/stocktransfer/stocktransfer_card.php b/htdocs/product/stock/stocktransfer/stocktransfer_card.php index d71bb56640d..9456b6d1597 100644 --- a/htdocs/product/stock/stocktransfer/stocktransfer_card.php +++ b/htdocs/product/stock/stocktransfer/stocktransfer_card.php 
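Review bot: The `set_incoterms` branches in htdocs/delivery/card.php, htdocs/expedition/card.php and htdocs/expedition/shipment.php test only `isModEnabled('incoterm')`, while the same action in stocktransfer_card.php and reception/card.php also requires `$permissiontoadd` and societe/card.php requires `$user->hasRight('societe', 'creer')`. Unless an enclosing condition outside these hunks already enforces the right, a user without write permission can change the incoterm and its location on these three object types. Since the commit touches exactly these lines, the condition could be aligned, e.g. `} elseif ($action == 'set_incoterms' && isModEnabled('incoterm') && $permissiontoadd) {` in delivery/card.php, where `$permissiontoadd` is already used by the preceding branch. The two expedition files need the equivalent permission variable, which is not visible in their hunks.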
@@ -387,7 +387,7 @@ if (empty($reshook)) { // Set incoterm if ($action == 'set_incoterms' && isModEnabled('incoterm') && $permissiontoadd) { - $result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOSTINT('location_incoterms')); + $result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOST('location_incoterms')); } // Actions to send emails $triggersendname = 'STOCKTRANSFER_SENTBYMAIL'; diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php index d62429ea28f..488fef75ffe 100644 --- a/htdocs/reception/card.php +++ b/htdocs/reception/card.php @@ -244,7 +244,7 @@ if (empty($reshook)) { // Set incoterm if ($action == 'set_incoterms' && isModEnabled('incoterm') && $permissiontoadd) { - $result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOSTINT('location_incoterms')); + $result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOST('location_incoterms')); } if ($action == 'setref_supplier' && $permissiontoadd) { diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index 53842b8b2d8..c73005a8199 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -810,7 +810,7 @@ if (empty($reshook)) { // Set incoterm if ($action == 'set_incoterms' && $user->hasRight('societe', 'creer') && isModEnabled('incoterm')) { $object->fetch($socid); - $result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOSTINT('location_incoterms')); + $result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOST('location_incoterms')); } // Set parent company From 7f00738618f0cbd8e85581abab32e3c7c3ff4a08 Mon Sep 17 00:00:00 2001 From: ems-co Date: Mon, 23 Dec 2024 19:35:12 +0300 Subject: [PATCH 12/18] Update card.php --- htdocs/societe/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index 53842b8b2d8..73ebdc36467 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php 
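Review bot: `GETPOST('location_incoterms')` relies on the function's default filter (I believe `'alphanohtml'`) instead of naming it, in all six call sites of this commit. Writing `GETPOST('location_incoterms', 'alphanohtml')` makes the intended sanitization of this free-text field visible and keeps it stable if the default ever changes. The value goes straight into `setIncoterms()`, whose body is outside the hunks, so the escaping before the SQL update should be confirmed there.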
@@ -1388,7 +1388,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($canvasdisplayactio if (getDolGlobalString('THIRDPARTY_SUPPLIER_BY_DEFAULT')) { $default = 1; } - print $form->selectyesno("fournisseur", (GETPOSTINT('fournisseur') != '' ? GETPOSTINT('fournisseur') : (GETPOST("type") == '' ? $default : $object->fournisseur)), 1, 0, (GETPOST("type") == '' ? 1 : 0), 1); + print $form->selectyesno("fournisseur", ((GETPOST("type") == '' ? $default : $object->fournisseur)), 1, 0, (GETPOST("type") == '' ? 1 : 0), 1); print ''; From fb11f6114d774690c2e5269e41aa085602b5ee89 Mon Sep 17 00:00:00 2001 From: "Laurent Destailleur (aka Eldy)" Date: Tue, 24 Dec 2024 00:03:11 +0100 Subject: [PATCH 13/18] Disable to avoid duplicated feature --- htdocs/install/mysql/data/llx_c_type_contact.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/install/mysql/data/llx_c_type_contact.sql b/htdocs/install/mysql/data/llx_c_type_contact.sql index 07178dacdcd..8fe53ba25ea 100644 --- a/htdocs/install/mysql/data/llx_c_type_contact.sql +++ b/htdocs/install/mysql/data/llx_c_type_contact.sql @@ -120,4 +120,4 @@ insert into llx_c_type_contact (element, source, code, libelle, active ) values insert into llx_c_type_contact (element, source, code, libelle, active ) values ('conferenceorbooth', 'external', 'RESPONSIBLE', 'Booth responsible', 1); -- Thirdparty -insert into llx_c_type_contact (element, source, code, libelle, active ) values ('societe', 'internal', 'SALESREPTHIRD', 'Sales Representative', 1); +--Disabled. The salerepresentativ insert into llx_c_type_contact (element, source, code, libelle, active ) values ('societe', 'internal', 'SALESREPTHIRD', 'Sales Representative', 1); From 885235d96351453b90319c005fab3c2fcef8a604 Mon Sep 17 00:00:00 2001 
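Review bot: The new first value passed to `selectyesno("fournisseur", ...)` no longer looks at the submitted `fournisseur` parameter at all, so when the create form is shown again after a validation error the select falls back to `$default` or `$object->fournisseur`. Whether `$object->fournisseur` was already filled from the request is decided outside this hunk; if it is not, the user's choice is lost. The removed test `GETPOSTINT('fournisseur') != ''` compared an integer with an empty string, which is the actual bug; testing presence keeps the old intent: `GETPOSTISSET('fournisseur') ? GETPOSTINT('fournisseur') : (GETPOST("type") == '' ? $default : $object->fournisseur)`. The doubled parentheses left around the ternary can go as well.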
From: "Laurent Destailleur (aka Eldy)" Date: Tue, 24 Dec 2024 00:11:56 +0100 Subject: [PATCH 14/18] Trans --- htdocs/install/mysql/data/llx_c_type_contact.sql | 2 +- htdocs/langs/en_US/companies.lang | 4 ++-- htdocs/langs/en_US/main.lang | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/htdocs/install/mysql/data/llx_c_type_contact.sql b/htdocs/install/mysql/data/llx_c_type_contact.sql index 8fe53ba25ea..7271ba2d38b 100644 --- a/htdocs/install/mysql/data/llx_c_type_contact.sql +++ b/htdocs/install/mysql/data/llx_c_type_contact.sql @@ -120,4 +120,4 @@ insert into llx_c_type_contact (element, source, code, libelle, active ) values insert into llx_c_type_contact (element, source, code, libelle, active ) values ('conferenceorbooth', 'external', 'RESPONSIBLE', 'Booth responsible', 1); -- Thirdparty ---Disabled. The salerepresentativ insert into llx_c_type_contact (element, source, code, libelle, active ) values ('societe', 'internal', 'SALESREPTHIRD', 'Sales Representative', 1); +insert into llx_c_type_contact (element, source, code, libelle, active ) values ('societe', 'external', 'SALESREPTHIRD', 'Sales Representative', 1); diff --git a/htdocs/langs/en_US/companies.lang b/htdocs/langs/en_US/companies.lang index c9671fe7503..70c3b20e471 100644 --- a/htdocs/langs/en_US/companies.lang +++ b/htdocs/langs/en_US/companies.lang @@ -33,8 +33,8 @@ CountryIsInEEC=Country is inside the European Economic Community PriceFormatInCurrentLanguage=Price display format in the current language and currency ThirdPartyName=Third-party name ThirdPartyEmail=Third-party email -ThirdParty=Third-party -ThirdParties=Third-parties +ThirdParty=Third party +ThirdParties=Third parties ThirdPartyProspects=Prospects ThirdPartyProspectsStats=Prospects ThirdPartyCustomers=Customers diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang index 6e85fabaa63..ad6c2a99b74 100644 --- a/htdocs/langs/en_US/main.lang +++ b/htdocs/langs/en_US/main.lang 
@@ -1149,6 +1149,7 @@ ContactDefault_project_task=Task ContactDefault_propal=Proposal ContactDefault_supplier_proposal=Supplier Proposal ContactDefault_ticket=Ticket +ContactDefault_societe=Third party ContactAddedAutomatically=Contact added from third-party contact roles More=More ShowDetails=Show details From fcc344f9da6b4d99c408833cd02f0b2d3ae87db4 Mon Sep 17 00:00:00 2001 From: "Laurent Destailleur (aka Eldy)" Date: Mon, 23 Dec 2024 11:57:19 +0100 Subject: [PATCH 15/18] Security - More robust dol_eval function after vulnerability report by Muhammad Zeeshan (Xib3rR4dAr) --- htdocs/core/lib/functions.lib.php | 13 +++++--- test/phpunit/SecurityTest.php | 51 ++++++++++++++++++++----------- 2 files changed, 41 insertions(+), 23 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index ef0e68c369e..fcf8c8407bf 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -10564,9 +10564,9 @@ function dol_eval($s, $returnvalue = 1, $hideerrors = 1, $onlysimplestring = '1' } if (preg_match('/[^a-z0-9\s'.preg_quote($specialcharsallowed, '/').']/i', $s)) { if ($returnvalue) { - return 'Bad string syntax to evaluate (found chars that are not chars for a simple clean eval string): '.$s; + return 'Bad string syntax to evaluate (found chars that are not chars for a simple one line clean eval string): '.$s; } else { - dol_syslog('Bad string syntax to evaluate (found chars that are not chars for a simple clean eval string): '.$s, LOG_WARNING); + dol_syslog('Bad string syntax to evaluate (found chars that are not chars for a simple one line clean eval string): '.$s, LOG_WARNING); return ''; } } 
@@ -10581,15 +10581,17 @@ function dol_eval($s, $returnvalue = 1, $hideerrors = 1, $onlysimplestring = '1' } } - // Now we check if we try dynamic call (by removing white list pattern of using parenthesis then testing if a parenthesis exists) + // Now we check if we try dynamic call + // First we remove white list pattern of using parenthesis then testing if one open parenthesis exists $savescheck = ''; $scheck = $s; while ($scheck && $savescheck != $scheck) { $savescheck = $scheck; $scheck = preg_replace('/->[a-zA-Z0-9_]+\(/', '->__METHOD__', $scheck); // accept parenthesis in '...->method(...' $scheck = preg_replace('/::[a-zA-Z0-9_]+\(/', '->__METHOD__', $scheck); // accept parenthesis in '...::method(...' - $scheck = preg_replace('/^\(/', '__PARENTHESIS__ ', $scheck); // accept parenthesis in '(...'. Must replace with __PARENTHESIS__ with a space after to allow following substitutions - $scheck = preg_replace('/\s\(/', '__PARENTHESIS__ ', $scheck); // accept parenthesis in '... (' like in 'if ($a == 1)'. Must replace with __PARENTHESIS__ with a space after to allow following substitutions + $scheck = preg_replace('/^\(+/', '__PARENTHESIS__ ', $scheck); // accept parenthesis in '(...'. Must replace with "__PARENTHESIS__ with a space after "to allow following substitutions + $scheck = preg_replace('/\&\&\s+\(/', '__ANDPARENTHESIS__ ', $scheck); // accept parenthesis in '... (' like in '&& (...'. Must replace with "__PARENTHESIS__ with a space after" to allow following substitutions + $scheck = preg_replace('/\|\|\s+\(/', '__ORPARENTHESIS__ ', $scheck); // accept parenthesis in '... (' like in '|| (...'. Must replace with "__PARENTHESIS__ with a space after" to allow following substitutions $scheck = preg_replace('/^!?[a-zA-Z0-9_]+\(/', '__FUNCTION__', $scheck); // accept parenthesis in 'function(' and '!function(' $scheck = preg_replace('/\s!?[a-zA-Z0-9_]+\(/', '__FUNCTION__', $scheck); // accept parenthesis in '... function(' and '... 
!function(' $scheck = preg_replace('/^!\(/', '__NOTANDPARENTHESIS__', $scheck); // accept parenthesis in '!(' @@ -10598,6 +10600,7 @@ function dol_eval($s, $returnvalue = 1, $hideerrors = 1, $onlysimplestring = '1' } //print 'scheck='.$scheck." : ".strpos($scheck, '(')."
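Review bot: Replacing the generic `\s\(` rule with the `&&` and `||` forms also rejects harmless grouping that the old rule let through, such as a parenthesis after an arithmetic or comparison operator or inside a ternary, as far as the rules visible in this hunk show. Stored expressions of that shape would start returning the 'Bad string syntax to evaluate' message after upgrade, so the accepted forms should be listed in the dol_eval() docblock and matching positive cases added to SecurityTest. The three new trailing comments are garbled and all name `__PARENTHESIS__` although two of the rules emit `__ANDPARENTHESIS__` and `__ORPARENTHESIS__`; something like `// accept '&& (': replaced by a token plus a space so the following rules still match` would be accurate. The check remains a pattern filter applied before the evaluation, so restricting who may store such expressions stays the primary control. The loop and the rest of dol_eval() continue outside the hunk.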
\n"; + // Now test if it remains 1 one parenthesis. if (strpos($scheck, '(') !== false) { if ($returnvalue) { return 'Bad string syntax to evaluate (mode '.$onlysimplestring.', found call of a function or method without using the direct name of the function): '.$s; diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 9b5db827bc3..45f962a3b47 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php 
@@ -625,52 +625,66 @@ class SecurityTest extends CommonClassTest print "result4 = ".$result."\n"; $this->assertEquals('Parent project not found', $result); + /* not allowed. Not a one line eval string + $result = (string) dol_eval('if ($a == 1) { }', 1, 1); + print "result4b = ".$result."\n"; + $this->assertEquals('aaa', $result); + */ + + // Now string not allowed + $s = 'new abc->invoke(\'whoami\')'; $result = (string) dol_eval($s, 1, 1, '2'); print "result = ".$result."\n"; - $this->assertEquals('Bad string syntax to evaluate: new abc__forbiddenstring__(\'whoami\')', $result); + $this->assertEquals('Bad string syntax to evaluate: new abc__forbiddenstring__(\'whoami\')', $result, 'The string was not detected as evil'); $s = 'new ReflectionFunction(\'abc\')'; $result = (string) dol_eval($s, 1, 1, '2'); print "result = ".$result."\n"; - $this->assertEquals('Bad string syntax to evaluate: new __forbiddenstring__(\'abc\')', $result); + $this->assertEquals('Bad string syntax to evaluate: new __forbiddenstring__(\'abc\')', $result, 'The string was not detected as evil'); $result = dol_eval('$a=function() { }; $a', 1, 1, '0'); // result of dol_eval may be an object Closure print "result5 = ".json_encode($result)."\n"; - $this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result)); + $this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'The string was not detected as evil'); $result = dol_eval('$a=function() { }; $a();', 1, 1, '1'); print "result6 = ".json_encode($result)."\n"; - $this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result)); + $this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'The string was not detected as evil'); $result = (string) dol_eval('$a=exec("ls");', 1, 1); print "result7 = ".$result."\n"; - $this->assertStringContainsString('Bad string syntax to evaluate', $result); + $this->assertStringContainsString('Bad string 
syntax to evaluate', $result, 'The string was not detected as evil'); $result = (string) dol_eval('$a=exec ("ls")', 1, 1); print "result8 = ".$result."\n"; - $this->assertStringContainsString('Bad string syntax to evaluate', $result); + $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'The string was not detected as evil'); + + $result = (string) dol_eval("strrev('metsys') ('whoami')", 1, 1); + print "result8b = ".$result."\n"; + $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'The string was not detected as evil'); $result = (string) dol_eval('$a="test"; $$a;', 1, 0); print "result9 = ".$result."\n"; - $this->assertStringContainsString('Bad string syntax to evaluate', $result); + $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'The string was not detected as evil'); $result = (string) dol_eval('`ls`', 1, 0); print "result10 = ".$result."\n"; - $this->assertStringContainsString('Bad string syntax to evaluate', $result); + $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'The string was not detected as evil'); $result = (string) dol_eval("('ex'.'ec')('echo abc')", 1, 0); print "result11 = ".$result."\n"; - $this->assertStringContainsString('Bad string syntax to evaluate', $result); + $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'The string was not detected as evil'); $result = (string) dol_eval("sprintf(\"%s%s\", \"ex\", \"ec\")('echo abc')", 1, 0); print "result12 = ".$result."\n"; - $this->assertStringContainsString('Bad string syntax to evaluate', $result); + $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'The string was not detected as evil'); $result = dol_eval("90402.38+267678+0", 1, 1, 1); print "result13 = ".$result."\n"; - $this->assertEquals('358080.38', $result); + $this->assertEquals('358080.38', $result, 'The string was not detected as evil'); + + // Must be allowed global $leftmenu; // 
Used into strings to eval @@ -706,28 +720,29 @@ class SecurityTest extends CommonClassTest print "result18 = ".$result."\n"; $this->assertFalse($result); + // Not allowed + $a = 'ab'; $result = (string) dol_eval("(\$a.'s')", 1, 0); print "result19 = ".$result."\n"; - $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'Test 19'); + $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'Test 19 - The string was not detected as evil'); $leftmenu = 'abs'; $result = (string) dol_eval('$leftmenu(-5)', 1, 0); print "result20 = ".$result."\n"; - $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'Test 20'); + $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'Test 20 - The string was not detected as evil'); $result = (string) dol_eval('str_replace("z","e","zxzc")("whoami");', 1, 0); print "result21 = ".$result."\n"; - $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'Test 21'); + $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'Test 21 - The string was not detected as evil'); $result = (string) dol_eval('($a = "ex") && ($b = "ec") && ($cmd = "$a$b") && $cmd ("curl localhost:5555")', 1, 0); print "result22 = ".$result."\n"; - $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'Test 22'); - + $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'Test 22 - The string was not detected as evil'); $result = (string) dol_eval('\'exec\'("aaa")', 1, 0); - print "result1 = ".$result."\n"; - $this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'Cant find the string Bad string syntaxwhen i should'); + print "result23 = ".$result."\n"; + $this->assertStringContainsString('Bad string syntax to evaluate', json_encode($result), 'Test 23 - The string was not detected as evil - Can\'t find the string Bad string syntax when i should'); } /** 
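Review bot: The assertion for result13 (`dol_eval("90402.38+267678+0", 1, 1, 1)`) is a positive case, yet it was given the failure message 'The string was not detected as evil', which will mislead whoever reads a failing run. Use a message that matches the expectation, e.g. `$this->assertEquals('358080.38', $result, 'Test 13 - A plain arithmetic string must be evaluated');`. The new result8b case would also be stronger if it asserted on the specific reason text ('found call of a function or method without using the direct name of the function'), assuming that is the check expected to reject it, so a regression in the dynamic-call filter is not masked by another rejection path. The test method starts and ends outside this hunk.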
From 8733e9d57ef174ec557134a210a1b0bd62fda3ca Mon Sep 17 00:00:00 2001 From: "Laurent Destailleur (aka Eldy)" Date: Mon, 23 Dec 2024 14:07:08 +0100 Subject: [PATCH 16/18] Fix security test blocking $_SESSION... --- htdocs/core/lib/functions.lib.php | 18 ++++++++++++++---- htdocs/core/lib/website2.lib.php | 17 +++++++++++++---- test/phpunit/SecurityTest.php | 23 +++++++++++++++++++---- test/phpunit/WebsiteTest.php | 6 ++++++ 4 files changed, 52 insertions(+), 12 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index fcf8c8407bf..0fd073885de 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -10524,7 +10524,7 @@ function verifCond($strToEvaluate, $onlysimplestring = '1') * @param int<0,1> $hideerrors 1=Hide errors * @param string $onlysimplestring '0' (deprecated, do not use it anymore)=Accept all chars, * '1' (most common use)=Accept only simple string with char 'a-z0-9\s^$_+-.*>&|=!?():"\',/@';', - * '2' (used for example for the compute property of extrafields)=Accept also '[]' + * '2' (used for example for the compute property of extrafields)=Accept also '<[]' * @return void|string Nothing or return result of eval (even if type can be int, it is safer to assume string and find all potential typing issues as abs(dol_eval(...)). * @see verifCond(), checkPHPCode() to see sanitizing rules that should be very close. * @phan-suppress PhanPluginUnsafeEval 
@@ -10552,12 +10552,12 @@ function dol_eval($s, $returnvalue = 1, $hideerrors = 1, $onlysimplestring = '1' if ($onlysimplestring == '1' || $onlysimplestring == '2') { // We must accept with 1: '1 && getDolGlobalInt("doesnotexist1") && getDolGlobalString("MAIN_FEATURES_LEVEL")' // We must accept with 1: '$user->hasRight("cabinetmed", "read") && !$object->canvas=="patient@cabinetmed"' - // We must accept with 2: (($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref : "Parent project not found" + // We must accept with 2: (($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) <= 99) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref : "Parent project not found" - // Check if there is dynamic call (first we check chars are all into use a whitelist chars) + // Check if there is dynamic call (first we check chars are all into a whitelist chars) $specialcharsallowed = '^$_+-.*>&|=!?():"\',/@'; if ($onlysimplestring == '2') { - $specialcharsallowed .= '[]'; + $specialcharsallowed .= '<[]'; } if (getDolGlobalString('MAIN_ALLOW_UNSECURED_SPECIAL_CHARS_IN_DOL_EVAL')) { $specialcharsallowed .= getDolGlobalString('MAIN_ALLOW_UNSECURED_SPECIAL_CHARS_IN_DOL_EVAL'); 
@@ -10571,6 +10571,16 @@ function dol_eval($s, $returnvalue = 1, $hideerrors = 1, $onlysimplestring = '1' } } + // Check if there is a < or <= without spaces before/after + if (preg_match('/<=?[^\s]/', $s)) { + if ($returnvalue) { + return 'Bad string syntax to evaluate (mode '.$onlysimplestring.', found a < or <= without space before and after): '.$s; + } else { + dol_syslog('Bad string syntax to evaluate (mode '.$onlysimplestring.', found a < or <= without space before and after): '.$s, LOG_WARNING); + return ''; + } + } + // Check if there is dynamic call (first we use black list patterns) if (preg_match('/\$[\w]*\s*\(/', $s)) { if ($returnvalue) { diff --git a/htdocs/core/lib/website2.lib.php b/htdocs/core/lib/website2.lib.php index 0323e67265a..c82484fc056 100644 --- a/htdocs/core/lib/website2.lib.php +++ b/htdocs/core/lib/website2.lib.php @@ -720,10 +720,19 @@ function checkPHPCode(&$phpfullcodestringold, &$phpfullcodestring) } } + $phpfullcodestringnew = $phpfullcodestring; + // Then check forbidden commands if (!$error) { - $forbiddenphpstrings = array('$$', '$_', '}['); - //$forbiddenphpstrings = array_merge($forbiddenphpstrings, array('_ENV', '_SESSION', '_COOKIE', '_GET', '_POST', '_REQUEST', 'ReflectionFunction')); + if (getDolGlobalString("WEBSITE_DISALLOW_DOLLAR_UNDERSCORE")) { + $phpfullcodestring = preg_replace('/\$_COOKIE\[/', '__DOLLARCOOKIE__', $phpfullcodestring); + $phpfullcodestring = preg_replace('/\$_FILES\[/', '__DOLLARFILES__', $phpfullcodestring); + $phpfullcodestring = preg_replace('/\$_SESSION\[/', '__DOLLARSESSION__', $phpfullcodestring); + $forbiddenphpstrings = array('$$', '$_', '}['); + } else { + $forbiddenphpstrings = array('$$', '}['); + } + //$forbiddenphpstrings = array_merge($forbiddenphpstrings, array('_ENV', '_FILES', '_SESSION', '_COOKIE', '_GET', '_POST', '_REQUEST', 'ReflectionFunction')); $forbiddenphpstrings = array_merge($forbiddenphpstrings, array('_ENV', 'ReflectionFunction')); $forbiddenphpfunctions = array(); 
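Review bot: The added pattern `/<=?[^\s]/` also rejects `<=` followed by a space, because the regex then backtracks, matches `<` alone and takes `=` as the non-space character. So `4 <= 5` is refused in mode 2, although the comment changed in the previous hunk lists a `<= 99` expression as one that must be accepted, and the visible tests only cover `4 < 5` and `4 <5`. A lookahead states the intent directly: `if (preg_match('/<(?!=?\s)/', $s)) {`, which rejects any `<` that is not followed by an optional `=` and then whitespace. The message also says 'without space before and after' while only the character after is checked; either check both sides or reword it. dol_eval continues outside this hunk.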
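Review bot: The three added `preg_replace` calls write into `$phpfullcodestring`, which the signature in the hunk header shows is passed by reference, so with WEBSITE_DISALLOW_DOLLAR_UNDERSCORE set the caller's string now contains `__DOLLARSESSION__` and the other markers in place of `$_SESSION[`. `$phpfullcodestringnew` keeps the untouched copy for the later comparison, but unless the parameter is restored further down (not visible here), any caller that saves the string after the check stores the altered code. Run the masking on a local copy and scan that instead, e.g. `$codetocheck = preg_replace('/\$_(COOKIE|FILES|SESSION)\[/', '__DOLLAR${1}__', $phpfullcodestring);`. Note also that `'$_'` used to be forbidden unconditionally and is now forbidden only when the option is set, so a default install stops blocking `$_GET`, `$_POST`, `$_REQUEST` and `$_SERVER` in page code; if that is intended, it deserves a comment at the `else` branch. checkPHPCode starts and ends outside this hunk.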
@@ -818,8 +827,8 @@ function checkPHPCode(&$phpfullcodestringold, &$phpfullcodestring) // No need to block $conf->global->aaa() because PHP try to run the method aaa of $conf->global and not the function into $conf->global->aaa. - // Then check if installmodules does not block dynamic PHP code change. - if ($phpfullcodestringold != $phpfullcodestring) { + // Then check if installmodules.lock does not block dynamic PHP code change. + if ($phpfullcodestringold != $phpfullcodestringnew) { if (!$error) { $dolibarrdataroot = preg_replace('/([\\/]+)$/i', '', DOL_DATA_ROOT); $allowimportsite = true; diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 45f962a3b47..743b6d33c8e 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -623,7 +623,13 @@ class SecurityTest extends CommonClassTest $s = '(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref : \'Parent project not found\''; $result = (string) dol_eval($s, 1, 1, '2'); print "result4 = ".$result."\n"; - $this->assertEquals('Parent project not found', $result); + $this->assertEquals('Parent project not found', $result, 'Test 4'); + + $s = '4 < 5'; + $result = (string) dol_eval($s, 1, 1, '2'); + print "result5 = ".$result."\n"; + $this->assertEquals('1', $result, 'Test 5'); + /* not allowed. Not a one line eval string $result = (string) dol_eval('if ($a == 1) { }', 1, 1); 
@@ -633,16 +639,25 @@ class SecurityTest extends CommonClassTest // Now string not allowed + $s = '4 <5'; + $result = (string) dol_eval($s, 1, 1, '2'); // in mode 2, char < is allowed only if followed by a space + print "result = ".$result."\n"; + $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'Test 4 <5 - The string was not detected as evil'); + + $s = '4 < 5'; + $result = (string) dol_eval($s, 1, 1, '1'); // in mode 1, char < is always forbidden + print "result = ".$result."\n"; + $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'Test 4 < 5 - The string was not detected as evil'); + $s = 'new abc->invoke(\'whoami\')'; $result = (string) dol_eval($s, 1, 1, '2'); print "result = ".$result."\n"; - $this->assertEquals('Bad string syntax to evaluate: new abc__forbiddenstring__(\'whoami\')', $result, 'The string was not detected as evil'); + $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'The string was not detected as evil'); $s = 'new ReflectionFunction(\'abc\')'; $result = (string) dol_eval($s, 1, 1, '2'); print "result = ".$result."\n"; - $this->assertEquals('Bad string syntax to evaluate: new __forbiddenstring__(\'abc\')', $result, 'The string was not detected as evil'); - + $this->assertStringContainsString('Bad string syntax to evaluate', $result, 'The string was not detected as evil'); $result = dol_eval('$a=function() { }; $a', 1, 1, '0'); // result of dol_eval may be an object Closure print "result5 = ".json_encode($result)."\n"; diff --git a/test/phpunit/WebsiteTest.php b/test/phpunit/WebsiteTest.php index bbf80cad4c5..0bdfdb5ca44 100644 --- a/test/phpunit/WebsiteTest.php +++ b/test/phpunit/WebsiteTest.php 
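Review bot: Relaxing the `new abc->invoke(...)` and `new ReflectionFunction(...)` assertions from an exact message to the bare prefix 'Bad string syntax to evaluate' means they now pass on any rejection path, so they no longer show that the forbidden-string substitution is what stopped the input. If the exact text became unstable, keep a distinguishing fragment next to the prefix check, e.g. `$this->assertStringContainsString('__forbiddenstring__', $result, 'class name was not neutralised');`, provided that marker still appears in the returned message, which this hunk does not show. The two new `<` cases print `"result = "` without an index; an indexed label like the ones used for result5 onwards would make a failing log easier to map to a case. The test method starts and ends outside this hunk.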
@@ -145,6 +145,12 @@ class WebsiteTest extends CommonClassTest print __METHOD__." result checkPHPCode=".$result."\n"; $this->assertEquals($result, 0, 'checkPHPCode detect string as dangerous when it is legitimate'); + $t = ''; + $s = ''; + $result = checkPHPCode($t, $s); + print __METHOD__." result checkPHPCode=".$result."\n"; + $this->assertEquals($result, 0, 'checkPHPCode detect string as dangerous when it is legitimate'); + // Dangerous From a8b494f7d72b63a8464be93a113dcacf7fd083af Mon Sep 17 00:00:00 2001 From: "Laurent Destailleur (aka Eldy)" Date: Mon, 23 Dec 2024 16:30:50 +0100 Subject: [PATCH 17/18] Trans --- htdocs/projet/list.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index 9170ba31ed3..77eda021f11 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php 
@@ -256,12 +256,12 @@ foreach ($object->fields as $key => $val) { include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php'; // Add non object fields to fields for list -$arrayfields['s.nom'] = array('label' => $langs->trans("ThirdParty"), 'checked' => 1, 'position' => 21, 'enabled' => (!isModEnabled('societe') ? 0 : 1)); +$arrayfields['s.nom'] = array('label' => "ThirdParty", 'checked' => 1, 'position' => 21, 'enabled' => (!isModEnabled('societe') ? 0 : 1)); $arrayfields['s.name_alias'] = array('label' => "AliasNameShort", 'checked' => 0, 'position' => 22); $arrayfields['co.country_code'] = array('label' => "Country", 'checked' => -1, 'position' => 23); -$arrayfields['commercial'] = array('label' => $langs->trans("SaleRepresentativesOfThirdParty"), 'checked' => 0, 'position' => 25); -$arrayfields['c.assigned'] = array('label' => $langs->trans("AssignedTo"), 'checked' => 1, 'position' => 120); -$arrayfields['opp_weighted_amount'] = array('label' => $langs->trans('OpportunityWeightedAmountShort'), 'checked' => 0, 'enabled' => (!getDolGlobalString('PROJECT_USE_OPPORTUNITIES') ? 0 : 1), 'position' => 106); +$arrayfields['commercial'] = array('label' => "SaleRepresentativesOfThirdParty", 'checked' => 0, 'position' => 25); +$arrayfields['c.assigned'] = array('label' => "AssignedTo", 'checked' => 1, 'position' => 120); +$arrayfields['opp_weighted_amount'] = array('label' => 'OpportunityWeightedAmountShort', 'checked' => 0, 'enabled' => (!getDolGlobalString('PROJECT_USE_OPPORTUNITIES') ? 0 : 1), 'position' => 106); $arrayfields['u.login'] = array('label' => "Author", 'checked' => -1, 'position' => 165); // Force some fields according to search_usage filter... if (GETPOST('search_usage_opportunity')) { From 8947857f819885696bc52cc5f12e64ec9f123fe0 Mon Sep 17 00:00:00 2001 
From: "Laurent Destailleur (aka Eldy)" Date: Mon, 23 Dec 2024 23:22:47 +0100 Subject: [PATCH 18/18] Debug v21 --- htdocs/core/tpl/objectline_create.tpl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/tpl/objectline_create.tpl.php b/htdocs/core/tpl/objectline_create.tpl.php index 4cf2258fded..96cfc189c13 100644 --- a/htdocs/core/tpl/objectline_create.tpl.php +++ b/htdocs/core/tpl/objectline_create.tpl.php @@ -1317,7 +1317,7 @@ if (!empty($usemargins) && $user->hasRight('margins', 'creer')) { jQuery("#select_type").val(-1); jQuery("#select_type").addClass("placeholder"); - jQuery("#select_type").trigger("change"); + /* jQuery("#select_type").trigger("change"); // Disabled. This create troubles. Never mind if the rester of combo is not done when using an ajax select_type combo. We don't use it because we are not able to call a focus on a change event of this combo. */ jQuery("#prod_entry_mode_free").prop('checked',false).change(); jQuery("#prod_entry_mode_predef").prop('checked',true).change();